This issue is a central location for information regarding General Data Protection Regulation compliance discussion, and what is required of Resonate in order to be in compliance with this regulation.

This might be overkill, but it's at least worth an effort to investigate.

This issue is related to issue #163
It is also discussed on the Resonate Community board here.

TLDR:

1. Within the scope of Resonate's business operations, GDPR compliance can be considered "common sense" requirements. "Common sense", in this case, means the deletion of clearly identifying data, such as name / address / email , and so forth.
2. Data can be retained if it is of "legitimate interest" to Resonate (ie artist info / assets that have been purchased by other users of Resonate's platform, or similar circumstances where the retention of data supports Resonate's ongoing business operations).

This issue can be further defined if / when needed. Supporting information is provided in the next section, below.

Here are source links:

https://gdpr.eu/
https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations_en

SME: Small to medium enterprise

More specific info about cookies:
https://gdpr.eu/cookies/

What is considered personal data:
https://gdpr.eu/eu-gdpr-personal-data/

"Everything you need to know about GDPR compliance":
https://gdpr.eu/compliance/

Right to be forgotten:
https://gdpr.eu/right-to-be-forgotten/

Compliance checklist:
https://gdpr.eu/checklist/

Data protection impact assessment:
https://gdpr.eu/article-35-impact-assessment/

Legitimate interests (ie. reasons to retain / keep data, such as tracks that have been purchased):
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/